[CRIU] [PATCH] parasite: Don't leave memfd open inside dumpee

Cyrill Gorcunov gorcunov at gmail.com
Wed Jan 20 05:25:43 PST 2016


If for some reason ptrace_poke_area returns an error,
we might leave the dumpee with the memfd descriptor open.

Later in the code we remove our injected blob, making the
dumpee look untouched, but the descriptor will hang there.

lsof output from the container:

 | systemd-u   48       root    6u      REG                0,4        0  53855 /memfd:CRIUMFD (deleted)

Thus let's close it immediately.

https://jira.sw.ru/browse/PSBM-43199

Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
---
 parasite-syscall.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/parasite-syscall.c b/parasite-syscall.c
index d1c1ec9..b0a3d21 100644
--- a/parasite-syscall.c
+++ b/parasite-syscall.c
@@ -1187,7 +1187,7 @@ static int parasite_memfd_exchange(struct parasite_ctl *ctl, unsigned long size)
 	void *where = (void *)ctl->syscall_ip + BUILTIN_SYSCALL_SIZE;
 	u8 orig_code[MEMFD_FNAME_SZ] = MEMFD_FNAME;
 	pid_t pid = ctl->pid.real;
-	unsigned long sret;
+	unsigned long sret = -ENOSYS;
 	int ret, fd, lfd;
 
 	BUILD_BUG_ON(sizeof(orig_code) < sizeof(long));
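Review bot: the `-ENOSYS` initialiser is the sentinel that the later `fd >= 0` test in the error path relies on when syscall_seized fails before it ever writes sret; nothing in the hunk says why an unsigned long is seeded with a negative errno, so a one-line comment at the declaration (e.g. "negative until the seized memfd_create actually returns") would make that dependency explicit for the next reader.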
@@ -1201,6 +1201,9 @@ static int parasite_memfd_exchange(struct parasite_ctl *ctl, unsigned long size)
 			     (unsigned long)where, 0, 0, 0, 0, 0);
 
 	if (ptrace_poke_area(pid, orig_code, where, sizeof(orig_code))) {
+		fd = (int)(long)sret;
+		if (fd >= 0)
+			syscall_seized(ctl, __NR_close, &sret, fd, 0, 0, 0, 0, 0);
 		pr_err("Can't restore memfd args (pid: %d)\n", pid);
 		return -1;
 	}
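Review bot: the result of the cleanup call `syscall_seized(ctl, __NR_close, &sret, fd, 0, 0, 0, 0, 0)` is discarded, and sret (now holding the close return value) is not inspected either, so a failed close leaves exactly the leaked descriptor this patch is meant to remove with no trace in the log; since the function returns -1 on this path anyway, only a diagnostic is needed, for example checking the return value and emitting `pr_err("Can't close memfd %d (pid: %d)\n", fd, pid);` before the existing "Can't restore memfd args" message.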
-- 
2.5.0
